Data Privacy Day commentary

Privacy is the topic of the day and will be for us all week. Here are some points-of-view from some of the technology folks speaking out on the subject. Let us know what you think and if you have any follow up articles you wish posted, please share with us.

January 29, 2012 in National Data Privacy Day. Data Privacy Day is an annual international celebration designed to promote awareness about privacy and education about best privacy practices.

In this networked world, in which we are thoroughly digitized, with our identities, locations, actions, purchases, associations, movements, and histories stored as so many bits and bytes, we have to ask – who is collecting all of this data – what are they doing with it – with whom are they sharing it? Most of all, individuals are asking ‘How can I protect my information from being misused?’ These are reasonable questions to ask – we should all want to know the answers.

Data Privacy Day promotes awareness about the many ways personal information is collected, stored, used, and shared, and education about privacy practices that will enable individuals to protect their personal information.

These are not questions for consumers and citizens alone, however. Business operators and state and federal governments must engage in this dialogue as well. Businesses have to question whether they are complying with laws and regulations requiring consumer privacy protections. They know that customers have to trust their technologies and services before they will use and pay for them. Government representatives need to explore and give effect to legislation in this area that protects consumers but also allows for technological innovation, progress and growth.

Data Privacy Day promotes collaboration and dialogue among all of those stakeholders with an interest in privacy.

In today’s highly vulnerable online corporate environments, implementing IT security has become a top priority and companies take the matter of protecting and securing their customers’ data quite seriously. Embarrassing security breaches not only prove costly to a company’s reputation and bottom line, some can even go out of business. But protecting personal data is not just a corporate responsibility, it is also up to individuals to be aware of what they can do personally to keep their personal data safe and secure. For many of us, clicking on that link in our online banking web session that advertises the latest and greatest in identity protection is too often seen as just that – an advertisement. Just like in the corporate environment where data protection is of utmost importance, and ever evolving, this mindset needs to reach to us as consumers as well. After all, the most probable help to drowning people is expected from drowning people themselves.

The Internet was designed for sharing, not security. As we have moved our business, e-governments and social lives online, and as these digital services become more and more sophisticated, so do fraudsters. Online identity theft is today the fastest going crime, with trillions of dollars in yearly losses.

However, just as the security belt for cars was not adopted in larger scale until it was a simple one second procedure, users will not adopt online identity protection if it is too complicated to use. And just as your driver license verifies your identity across multiple services, a secure and simple identity and authentication method that can be re-used across the range of Internet services will be needed for mass implementation. White House Initiative National Trusted Identities in Cyberspace (NSTIC) could make a difference here, driving mass implementation of online identity protection for US citizens and services, based on open identity standards and new authentication technologies.

If the past decade was the dawn of the commercial Internet the next decade could cast a shadow over it. The ability to buy, bank and be connected online is an essential component of people’s lives – and the economy’s growth – so keeping data safe and secure is critical from a broad, as well as personal, perspective. Companies will have to make security a primary concern instead of an afterthought and users will have to think the same way about online safety as they do about their personal safety. It’s not complicated; take precautions, be observant and lock your doors both real and digital. In the final analysis data security and privacy will have to be woven into the fabric of everyone’s daily life.

Data privacy means many different things, depending on the user and the user’s needs. For students, the biggest risk is saying something in a public forum that might come back to haunt them when they try to get a job, or might alienate them from their friends. For most adult consumers, data privacy primarily means taking care not to expose credit card numbers, Social Security Numbers, and other private information that might allow an attacker to gain access to their credit cards or bank accounts, causing considerable financial risk and aggravation.

For businesses, however, the risks are much, much greater, and can only be adequately addressed by the conscientious deployment of high-assurance encryption solutions. A single incident of a lost or stolen laptop containing your customer’s data can cause millions of dollars of damage in terms of preventative measures, as well as actual damages. And even if you laptop isn’t stolen, but merely “examined”, the loss of Intellectual Property, business plans, etc., could end up ultimately costing billions of dollars in lost revenue. The recommended solution to these problems is the use of high-assurance, FIPS 140-2 Level 3 hardware encryption devices, such as those designed by SPYRUS, Inc., including those that are marketed by our OEM Secured by SPYRUS customers, such as Kingston Technologies.

With the increasing use of mobile computing, kids and young adults are using online services, social networks and share data more than ever. Some of them almost publish their lives real time. Some kids have a Facebook account set up by their parents when they were born. What most of people don’t realize is that a post, comment, picture could be shared, archived and can be all over the Internet and follow a person for life. What was said when at age 13 might be haunting at age 25 when looking for a job.

It is imperative to raise awareness about keeping identity and personal information secure, and let kids and young adults know the implications. The task is not the responsibility of one person or organization. Online safety means whole exposure area needs to be covered end to end, from raising awareness of kids with flyers, online ads, and at sites they are using, to schools and parents providing and ensuring a safe computing environment, and to social networking and online data sharing companies to take responsibility and take preventative actions without being restrictive to usability and personal expression.

The best approach is what Apple is doing, ask user every time when their private data is shared, and ask again, if it is shared again, and do it prominently, so user is aware what is going on. This approach may not be liked by social networking sites, which relies their user base expansion on default behavior of sharing everything and publishing users so they are found easily by past or potential friends, which is true especially at the very beginning of social networking portal, on the other hand, this same behavior puts our kids at risk.